[OAUTH-WG] OAuth 2.0 Protected Resource Metadata now with WWW-Authenticate

Michael Jones <michael_b_jones@hotmail.com> Tue, 11 July 2023 00:34 UTC

From: Michael Jones <michael_b_jones@hotmail.com>
To: "oauth@ietf.org" <oauth@ietf.org>
Thread-Topic: OAuth 2.0 Protected Resource Metadata now with WWW-Authenticate
Thread-Index: AdmzjvHSMw8vqEzERwqO2iMnYg7MaQ==
Date: Tue, 11 Jul 2023 00:34:30 +0000
Message-ID: <MW4PR02MB742844C56F175D4E359EDD07B731A@MW4PR02MB7428.namprd02.prod.outlook.com>
Accept-Language: en-US
Content-Language: en-US
x-ms-exchange-antispam-messagedata-chunkcount: 1
x-ms-exchange-antispam-messagedata-0: Qkx5lA7O8MPNZcUd3FZjNnpoqS2EwJopL9brrenUVh8T15ZsWYXyOIlqiUWjnJ2ahM/quHeGtFZpCQGPAyZVIUofXDiaeuEE3EcGzfe9WftClzwDYiuLCrtWI4WeGuFL1V+UvHRH7ehOORcfKgPtX+t+lWWeQp0bnseZlgcxg3dPuFQGhPx/ml8CB/yjzjm55TO+N2IjhpI3Ia2GZeUX2pbD1FFxiqp8+wFZp9rQJQYHyIeMsIsfYy9U27at5I+BVQoKKmxOzadQKNSYpUhOz+BGSxQkyoIv0wSUA5NMkAYPRoGZe1ZzYzR1UimEXzCO7PTBHvWsuR7ry2D3pX8kku3ae28ltMHQKUf7Z/hgz8HQKdJzjQfGCFsE7rzGy/hYj6bN0eR6qD0bcu9VLDQwT0yy3mWjz7xYZbbxlvQcVT28Kprf+hFb416ctEA4O4IWtsp+JjES7DzvrxEy3ekogtrvBiDDVQNfrU43HswkQHZWQ9Tq1SdngLDtu9HXyZEn88Jg437kBKMY2s8gEL0yZFR+SY4jvU+fkw//3REFWvzA4uFtaTAFd5QxBslxSOQgJzk1ZQoUZ3m7rldqpcyUtAiRPhZ1zymwTY8DSvLxiwPjI2PPnFby8Hf21ol5FBcqyADZDh/GIP8zhtlW5R+bHsd0QfpC2cpMAJwyMALQ/9N4+hxH2LPSgNRN5vG5eeKIoGA6PzX00zVPurDZXDtxcgZar3L72DveSOMs4D6bU02YfG6xMC9l5xfOoSpewmLM+9BrPDUq8nNsV/X5M3Y6fTEtEyYRakUyJ/ZI6RXF7uxaQqCJUiHxnsOOvU7rpVHYoaiVASbt8aV85RYhA+LsbV0ypjKweUNzkOWn6BpIYDz9/LJmlKd0CVCCxQn2/ED/9J0KNkM0YY4SlQIoPUvr2IHtzSfiV/fybwtdnIOPKFyFnxChYYjZBrm0kIIx2QkMDWOJApIgskVhAmbzbFcpsWgj6n1BVqcWAbnelajPeQK9tBu0YJxojvjY/HjSCBMrL3VVBt6R8j1vw/9O+7hJ9+ldAbAT4ykYkVu6dOe88yhttXGBm737Exg04z77WW6WcjHTNKn9V/CWracJDx8+e5MEZarmhP20QAqCk68fGGMXW8WXdlClVKlHL6ZH1NYlN5hddmoNZoejFRTfWjZ2e/sS9N2IvXWoIzG2Bwp0om8SlH5c50WUiP0u8tTjQfr54jhBq2EjSNOdi9E3dHCx3bWvGZNQq9xctwGrjKlnzIA6oYwMluECJrBL3Pnb6M09mRqkDOPI5uf50v+QUByGMzoWnHVa239LtgAYbUYktzU=
Content-Type: multipart/alternative; boundary="_000_MW4PR02MB742844C56F175D4E359EDD07B731AMW4PR02MB7428namp_"
MIME-Version: 1.0
X-OriginatorOrg: sct-15-20-4755-11-msonline-outlook-99c3d.templateTenant
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: MW4PR02MB7428.namprd02.prod.outlook.com
X-MS-Exchange-CrossTenant-RMS-PersistedConsumerOrg: 00000000-0000-0000-0000-000000000000
X-MS-Exchange-CrossTenant-Network-Message-Id: e0c1f02d-e2af-4c23-9b54-08db81a69719
X-MS-Exchange-CrossTenant-originalarrivaltime: 11 Jul 2023 00:34:30.2614 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 84df9e7f-e9f6-40af-b435-aaaaaaaaaaaa
X-MS-Exchange-CrossTenant-rms-persistedconsumerorg: 00000000-0000-0000-0000-000000000000
X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM6PR02MB6713
Archived-At: <https://mailarchive.ietf.org/arch/msg/oauth/5RQSZ9doUVeuuUQ_RDuCACq9v7w>
Subject: [OAUTH-WG] OAuth 2.0 Protected Resource Metadata now with WWW-Authenticate
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/oauth/>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 11 Jul 2023 00:34:35 -0000

In collaboration with Aaron Parecki<https://twitter.com/aaronpk>, the ability for OAuth 2.0 protected resource servers to return their resource identifiers via WWW-Authenticate has been added to the OAuth 2.0 Protected Resource Metadata specification. This enables clients to dynamically learn about and use protected resources they may have no prior knowledge of, including learning what authorization servers can be used with them.



This incorporates functionality originally incubated in draft-parecki-oauth-authorization-server-discovery-00<https://www.ietf.org/archive/id/draft-parecki-oauth-authorization-server-discovery-00.html>. Aaron and I had been asked to merge the functionality of our two drafts during an OAuth working group session at IETF 116. We're both happy with the result!



The specification is available at:
*        https://www.ietf.org/archive/id/draft-jones-oauth-resource-metadata-04.html

                                                       -- Mike

P.S.  This notice was also posted at https://self-issued.info/?p=2377 and was referenced from https://twitter.com/selfissued/status/1677471513023508481.

[OAUTH-WG] OAuth 2.0 Protected Resource Metadata … Michael Jones
Re: [OAUTH-WG] OAuth 2.0 Protected Resource Metad… Brian Campbell
Re: [OAUTH-WG] OAuth 2.0 Protected Resource Metad… Giuseppe De Marco
Re: [OAUTH-WG] OAuth 2.0 Protected Resource Metad… Rebecca Warren